Australia, New Zealand Take A Hard BEC Scam Hit

While the business email compromise (BEC) scam is a global pain point for businesses, this week’s B2B Data Digest looks at the latest figures in B2B payments fraud and finds BEC heating up in one particular region: Australia and New Zealand.

New research reveals how cyber attackers are stealing company cash from businesses large and small with examples emerging across businesses of all sizes — even forcing one firm to shutter its doors.

101 percent more BEC scams have hit New Zealand businesses between July and September of this year, with total losses in the country hitting nearly $700,000, according to a report from Human Resources Director, citing data from CERT NZ. “Email is widely used and trusted both in business and our personal lives,” said CERT NZ Director Rob Pope in a statement. “This unfortunately makes it an easy target for cyber attackers who are looking to make a quick buck.” CERT is advising businesses to keep software up to date, deploy strong passwords and adopt antivirus software to combat the threat of BEC and other related frauds.

4,255 BEC scams have hit Australian small- to medium-sized businesses (SMBs) this year alone, according to Smart Company reports. In total, about $104.5 million has been stolen from businesses as a result of these attacks, the latest data from the Australian Cyber Security Center (ACSC) as reported by SmartCompany revealed. Reports noted one business, hedge fund Levitas Capital, was forced to shutter operations following a whopping $6.4 million erroneous payment resulting from a BEC scam. Another business, homewares company Sage and Clare, was out $7,360 after falling for such fraud.

$37,560 was stolen from an Australian SMB thanks to a redirect fraud attack, according to The building business owner, Jane Fleming, transferred the funds into a scammer’s bank account, thinking she was paying a legitimate subcontractor, the report said, noting that she had been working with the subcontractor, a concreter, for years. Fleming reportedly fell for a common B2B payment fraud attack in which scammers send a seemingly legitimate invoice claiming that a supplier’s bank account details have been changed. Reports said a hacker assumedly gained access to either Fleming’s email account, or the concreter, to simulate the invoice.

$23.8 million worth of invoice redirect and CEO fraud hit Irish businesses each year, according to The Irish Sun. The BEC attacks include hackers that pretend to be legitimate CEOs, or send fraudulent invoices, to initiate a payment from a company into a fraudster’s account. According to the publication, Irish police, known as the Gardai, are now asking business owners and professionals to “think before they click” in an effort to combat such scams.

$12.5 billion is estimated to be the total cost of BEC damages worldwide, according to data from the FBI cited in a new report from Netpoleon Solutions. Titled “Business Email Compromise (BEC): How does it attack your business and how can you prevent it?” the report noted that, according to the FBI, between October 2013 and May 2018 the number of recorded BEC scams hit nearly 80,000 — a figure that is likely on the rise as BEC scams increase amid the pandemic. “We should pay more attention to BEC,” the report concluded.